CVE-2022-41962

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-41962

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41962.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41962

Aliases

GHSA-88qf-33qm-9mm7

Published

2022-12-16T12:45:06.499Z

Modified

2025-11-28T05:02:06.030648Z

Severity

2.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

BigBlueButton contains Incorrect Authorization for setting emoji status

Details

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should only be able to set none as the status of other users. This issue is patched in 2.4-rc-6 and 2.5-alpha-1There are no workarounds.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/41xxx/CVE-2022-41962.json"
}

References

Affected packages

Git / github.com/bigbluebutton/bigbluebutton

Affected ranges

Type: GIT
Repo: https://github.com/bigbluebutton/bigbluebutton
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

07cfcd376a44aceb543bcb8f098cf34d73b6b8bf

Affected versions

0.*

0.81-dev-deskshare-fixes-compatible-with-0.8

2.*

2.2-beta-10

2.2-beta-11

2.2-beta-12

2.2-beta-14

2.2-beta-15

2.2-beta-16

2.2-beta-17

2.2-beta-18

2.2-beta-19

2.2-beta-2

2.2-beta-20

2.2-beta-21

2.2-beta-22

2.2-beta-23

2.2-beta-3

2.2-beta-4

2.2-beta-5

2.2-beta-6

2.2-beta-7

2.2-beta-8

2.2-beta-9

2.2-rc-1

2.2-rc-2

2.2-rc-3

2.2-rc-4

2.2-rc-5

2.2-rc-6

2.4-rc-2

Other

dcs-2-a

pre-recording-merge

v0.*

v0.7

v0.71

v0.71a

v0.8

v0.81

v0.81b

v0.81rc

v0.81rc2

v0.81rc3

v0.81rc4

v0.81rc5

v0.8b4

v0.8b4.0

v0.8rc2

v0.9.0-beta

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.1.0

v2.*

v2.0-rc2

v2.0-rc3

v2.0-rc4

v2.0-rc5

v2.0-rc6

v2.0-rc7

v2.0.x-html5-beta1

v2.2.0

v2.2.1

v2.2.10

v2.2.11-good

v2.2.12

v2.2.14

v2.2.15

v2.2.16

v2.2.17

v2.2.18

v2.2.19

v2.2.2

v2.2.20

v2.2.21

v2.2.22

v2.2.23

v2.2.24

v2.2.25

v2.2.26

v2.2.27

v2.2.28

v2.2.29

v2.2.3

v2.2.30

v2.2.31

v2.2.32

v2.2.33

v2.2.34

v2.2.35

v2.2.36

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3-alpha-1

v2.3-alpha-2

v2.3-alpha-3

v2.3-alpha-4

v2.3-alpha-5

v2.3-alpha-6

v2.3-alpha-7

v2.3-alpha-8

v2.3-beta-1

v2.3-beta-2

v2.3-beta-3

v2.3-beta-4

v2.3-beta-5

v2.3-rc-1

v2.3-rc-2

v2.3.0

v2.3.1

v2.3.10

v2.3.11

v2.3.12

v2.3.13

v2.3.14

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.3.8

v2.3.9

v2.4-alpha-1

v2.4-alpha-2

v2.4-beta-1

v2.4-beta-2

v2.4-beta-3

v2.4-beta-4

v2.4-rc-1

v2.4-rc-3

v2.4-rc-4

v2.4-rc-5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41962.json"